From 1500e361519226f767533673297269a7a2dcecf5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 15 Sep 2021 16:17:41 +0200 Subject: [PATCH] Fix the PSA_ALG_RSA_PSS salt length documentation Modify the documentation of the salt length for PSA_ALG_RSA_PSS. The new documentation matches the actual behavior of the library. It also matches the upcoming version (1.0.2) of the PSA Crypto API specification. Signed-off-by: Gilles Peskine --- include/psa/crypto_values.h | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index daef9416cce8..60e4106a1ca9 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1345,10 +1345,15 @@ * * This is the signature scheme defined by RFC 8017 * (PKCS#1: RSA Cryptography Specifications) under the name - * RSASSA-PSS, with the message generation function MGF1, and with - * a salt length equal to the length of the hash. The specified - * hash algorithm is used to hash the input message, to create the - * salted hash, and for the mask generation. + * RSASSA-PSS, with the message generation function MGF1. + * The specified hash algorithm is used to hash the input message, to create + * the salted hash, and for the mask generation. + * + * When creating a signature, the salt length is equal to the length of + * the hash, or the largest possible salt length for the algorithm and key + * size if that is smaller than the hash length. + * When verifying a signature, any salt length permitted by the RSASSA-PSS + * signature algorithm is accepted. * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true).